
A system that allows biometric data to be used to create a secret key for data encryption has been developed by researchers in South Africa. They describe details of the new technology in the International Journal of Electronic Security and Digital Forensics this month.

If a user, say a web customer, wishes to send a message or other data to another party, such as an online shop, over an unsecured network, the message must be encrypted to avoid interception of sensitive information such as passwords and credit card information.

Encryption relies on authentication being symmetric to work. In other words, the user's password or PIN must match the password or PIN stored by the online shop to lock and unlock the data. This is because encryption systems use the password or PIN to produce, or seed, a random number that is used as the cipher for encrypting the data. If the passwords do not match exactly then the seed will be incorrect, the random number different and the decryption will fail.

One way to avoid users having to remember endless, complicated passwords is to use biometrics, including fingerprints, iris patterns and face recognition. However, biometrics is not a symmetric process. The initial recording of biometric data samples only a limited amount of the information, the pigment pattern in one's iris, for instance. The unlocking process then compares the iris pattern, or other biometric "token", being presented for access with the sample stored in the database. If the match is close enough, the user can gain entry.

The reason for this asymmetry is that any biometric system takes only a digital sample of data from the fingerprint or iris, for instance. Moreover, even the legitimate user will not be able to present exactly the same biometric data repeatedly. The "close enough" aspect of biometrics does not make biometrics insecure, provided that the closeness is very precise, but it does mean that biometric tokens cannot be used to create a secret key for an encryption algorithm.

Bobby Tait and Basie von Solms of the University of Johannesburg, Gauteng, South Africa, explain how biometrics can nevertheless be used to make a consistent secret key for encryption.

In conventional encryption, if Alice wishes to send a secret message to Bill, then she must encrypt the message, whether it is an email or credit card details transmitted from her computer to the online shop. In order for the encryption algorithm to provide cipher text that is random, a secret key must be provided. Alice and Bill must share exact copies of their secret key for this to work.

Aside from the asymmetry in biometrics, this approach will not work because Alice and Bill cannot provide the same biometric token to encrypt and decrypt the message. Now, Tait and von Solms have used the so-called BioVault infrastructure to provide a safe and secure way for Alice and Bill to share biometric tokens and so use their fingerprints, iris pattern, or other biometric to encrypt and decrypt their data without their biometrics being intercepted.

The BioVault encryption system works as follows:

In phase 1, Alice identifies herself to the authentication server, and indicates that she wants to send an encrypted message to Bill and requests Bill's biometric key from the server.

In phase 3, Alice uses the biometric key to encrypt her message and sends it to Bill.

In phase 4, Bill receives the message sent by Alice, and decrypts the message by testing the biometric keys in his database against the received cipher text.
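The two points above, that a close-enough match is not a usable key and that Bill finds the right key by trial decryption against his stored tokens, shown as an added Python example that is not from the article or the BioVault authors. The 10% bit-difference threshold, the hash-based key derivation, the toy keystream cipher and the constructed tokens are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

MATCH_THRESHOLD = 0.10  # assumed tolerance: up to 10% of bits may differ

def hamming_fraction(a, b):
    """Fraction of differing bits between two equal-length templates."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))

def is_match(sample, enrolled):
    """Biometric-style comparison: close enough counts as a match."""
    return hamming_fraction(sample, enrolled) <= MATCH_THRESHOLD

def derive_keys(token):
    """Separate encryption and MAC keys from a token (exact bytes matter)."""
    return (hashlib.sha256(b"enc" + token).digest(),
            hashlib.sha256(b"mac" + token).digest())

def _xor_stream(key, nonce, data):
    """Toy SHA-256 counter keystream; stands in for a real cipher."""
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, stream))

def encrypt(token, plaintext):
    enc_key, mac_key = derive_keys(token)
    nonce = secrets.token_bytes(16)
    body = _xor_stream(enc_key, nonce, plaintext)
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def trial_decrypt(stored_tokens, blob):
    """Try each stored token; the MAC tag tells us which one was used."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    for index, token in enumerate(stored_tokens):
        enc_key, mac_key = derive_keys(token)
        expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):
            return index, _xor_stream(enc_key, nonce, body)
    return None  # no stored token produced this ciphertext

def noisy_reading(token, bit_positions):
    """Constructed stand-in for a fresh scan: flip a few bits."""
    out = bytearray(token)
    for pos in bit_positions:
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)

# Constructed sample data: three 256-bit "tokens" in the recipient's database.
DATABASE = [hashlib.sha256(b"constructed-token-%d" % i).digest() for i in range(3)]
FRESH = noisy_reading(DATABASE[1], [3, 70, 201])  # same person, new scan
```

A fresh scan passes `is_match` against the enrolled token, yet `trial_decrypt` rejects a message keyed with it, which is why both parties have to work from exact stored copies of the token.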

The fact that each biometric key (data) is unique means that the BioVault system can irrevocably identify and authenticate users through their biometric keys (data) and detect fraudulent use of biometric keys.

Tait adds that the same approach could also be used to digitally sign electronic documents, files, or software executables using biometrics. He will be presenting the team's results on this aspect of their work in the UK at the beginning of September. "If passwords or tokens are used for authentication, only the password or token is proven as authentic - not the user that supplied the token or password," he explains. "Biometrics authenticates the user directly - this was one of the drivers behind the BioVault development."
